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DETAILED ACTION 

1 . This is in response to the amendments filed on February 4**", 2008. Claims 1-3,9, 10 and 16-18 have 
been amended; Claims 27-34 have been added; Claims 1-34 are pending and have been considered below. 

Claim Objections 

2. Claims 9 and 28 is objected to because of the following informalities: the term "operable to" is 
indefinite and should be amended to read "configured to" or the like. Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude w ith one or more claims particularly pointing out and distinctly claiming the subject matter which 
the applicant regards as his invention. 

4. Claims 28 and 30 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the invention. 

5. Claim 28 recites the limitation "the proxy machine" in line 4. There is insufficient antecedent basis for 
this limitation in the claim. 

6. Claim 30 recites the limitation "the viral signature patterns" in line 1 . There is insufficient antecedent 
basis for this limitation in the claim. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful 
improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 
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Claims 9-15, 25, 28 and 31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non- 
statutory subject matter. Claims 9-15, 25, 28 and 31 disclose a system, which in light of the specification [page 
6, lines 21-22], appear to encompass a software application. Thus, Claims 9-15, 25, 28 and 31 are drawn to 
software per se. Software is not a series of steps or acts and this is not a process. Software is not a physical 
article or object and as such is not a machine or manufacture. Software is not a combination of substances and 
therefore not a compilation of matter. Thus, software by itself does not fall within any of the four categories of 
invention. Therefore, Claims 9-15, 25, 28 and 31 are not statutory. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the 
rejections under this section made in this Office action: 

A person shall be enlilled lo a palenl unless 

(b) the invention was patented or described in a printed publication in this or a foreign countiy or in public use or on sale in this cotmtry, 
more than one year prior to the date of application for patent m the United States. 

9. Claims 1-5, 9-11, 15-20, 24-32 and 34 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Kindberg et al. (2003/0061515). 

Claim 1: Kindberg et al. discloses a method for maintaining computer security comprising: 

a. providing a signature file//e. a database containing capabilities, etc.) containing information about 
known system vulnerabilities/z'e. acceptable arguments for a CGI script) [page 4, paragraph 0054 & page 5, 
paragraphs 0058-0059]; 

b. at a reverse proxy server residing between at least one client computer and a web server [figure 2]: 
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i. receiving an incoming message from the at least one client computer, wherein the incoming 
message, if malicious and upon receipt by the web server, automatically causes the web server to 
perform an action which exploits a vulnerability of the web serverfi'e. step 600) [figure 6]; 

ii. comparing the received incoming message with the signature file to determine whether the 
incoming message is malicious (^/e. step 610) [figure 6]; 

iii. and if it is determined to be malicious, blocking the incoming message from reaching the web 
serverfi'e. request is rejected) [page 4, paragraph 0054]. 

Claim 9: ICindberg et al. discloses a system for maintaining computer security comprising: 

a. a signature file containing information about known system vulnerabilities, the information not 
including viral signature patterns [page 4, paragraph 0054 & page 5, paragraphs 0058-0059]; 

b. a web server [figure 2]; 

c. reverse proxy server residing between at least one client computer and a web server, the reverse 
proxy server operable to [figure 6]: 

i. receiving an incoming message from the at least one client computer, wherein the incoming 
message, if malicious and upon receipt by the web server, automatically causes the web server to 
perform an action which exploits a vulnerability of the web server [figure 6]; 

ii. comparing the received incoming message with the signature file to determine whether the 
incoming message is malicious [figure 6]; 

iii. and if it is determined to be malicious, blocking the incoming message from reaching the web server 
[page 4, paragraph 0054]. 

Claim 16: tCindberg et al. discloses a computer storage medium containing code for maintaining computer 
security comprising: 
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a. providing a signature file containing information about known system vulnerabilities, the information 
not including viral signature patterns [page 4, paragraph 0054 & page 5, paragraphs 0058-0059]; 

b. at a HTTP reverse proxy server residing between at least one client computer and a web server 
[figure 2]: 

i. receiving an incoming message from the at least one client computer, wherein the incoming 
message, if malicious and upon receipt by the web server, automatically causes the web server to 
perform an action which exploits a vulnerability of the web server [figure 6]; 

ii. comparing the received incoming message with the signature file to determine whether the 
incoming message is malicious [figure 6]; 

iii. and if it is determined to be malicious, blocking the incoming message from reaching the web 
server [page 4, paragraph 0054]. 

Claim 34: Kindberg et al. discloses a method for maintaining computer security comprising: 

a. providing a signature file containing information about known system vulnerabilities the information 
comprising a predefined length of a Universal Resource Locator ("URL") in a message header [page 4, 
paragraph 0054 & page 5, paragraphs 0058-0059]; 

b. receiving an incoming message from at least one client computer [figure 6]; 

c. comparing a length of a URL in a message header of the incoming message with the predefined 
length in the signature file to determine whether the incoming message is malicious(7e. URL having a character 
string conforming to the length established) [page 4, paragraph 0052]; 

d. and if the incoming message is determined to be malicious, blocking the incoming message from 
reaching a web server [page 4, paragraph 0054]. 
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Claims 2-4, 10 and 17-19: Kindberg et al. discloses an invention as in claims 1, 9 and 16 above and further 
discloses that the comparing further comprises: 

a. parsing the incoming message [page 4, paragraph 0055]; 

b. converting the incoming message into an intemal formatfi'e. specific CGI arguments etc.) [page 5, 
paragraph 0060]; 

c. comparing the converted incoming message with the signature file and determining whether the 
converted incoming message is malicious based on the comparisonfi'e. list of acceptable arguments etc) [page 5, 
paragraph 0059]; 

d. reassembling the converted incoming message back into its original format prior to forwarding it to 
the web server if it is determined that the code is not mahcious and forwarding the reassembled message to the 
web server(7e. arugment passed through unchanged, etc.) [page 5, paragraph 0061]. 

Claims 5, 11 and 20: Kindberg et al. discloses an invention as in claims 1, 9 and 16 above and further discloses 
that the signature file contains information about known system vulnerabilitiesfze. acceptable arguments for a 
CGI script) [page 4, paragraph 0054 & page 5, paragraphs 0058-0059]. 

Claim 15: Kindberg et al. discloses a system as in claim 10 above and further discloses that the signature file is 
linked to the HTTP message analyzer modulefze. list of acceptable arguments) [page 5, paragraph 0058]. 
Claims 24-26: Kindberg et al. disclose a method, system and computer storage medium as in claims 1, 9 and 
16 above, and further discloses that the incoming message comprises an HTTP messages [abstract]. 
Claims 27-29: Kindberg et al. discloses the invention of claims 1, 9 and 16, and further discloses that: 

a. the information comprises a predefined length of a Universal Resource Locator ("URL") in a message 
headerfie. URL having a character string conforming to the length established) [page 4, paragraph 0052]; 
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b. and comparing the received incoming message with the signature file comprises comparing a length 
of a URL in a message header of the incoming message with the predefined length in the signature file [figure 
6]. 

Claims 30-32: tCindberg et al. discloses the invention of claims 1, 9 and 16, and further discloses that the viral 
signature patterns comprise one or more binary pattems associated with a virusfi'e. character string length is 
not a binary pattern of a virus) [page 4, paragraph 0052]. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set 
forth in this Office action: 

(a) A patent may not be obtained though the im cniion is noi idcniicahy disck)scd described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter 
pertains. Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 6-8, 12-14 and 21-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kindberg et al. (2003/0061515) in view of Cambridge (7,080,000). 

Claims 6, 12 and 21: Kindberg et al. discloses a method, system and computer storage medium as in claims 1, 
9 and 16 above, but does not explicitly disclose that the signature file is made available through a web server. 
However, Cambridge discloses a similar method, system and computer storage medium and further discloses 

that the signature filcfantivirus database) is made available through a web SQrvQr (antivirus server) [abstract]. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to make the 
signature files available through a web server. One would have been motivated to do so in order to make 
signature file updates easily accessible. 
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Claims 7, 13 and 22: Kindberg et al. discloses a method, system and computer storage medium as in claims 1 , 
9 and 16 above, but does not explicitly disclose continuously updating the signature file. However, Cambridge 
discloses a similar method, system and computer storage medium and fiirther discloses continuously updating 
the signature filefantivirus data file) [column 2, lines 63-67]. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time of invention to continuously update the signature file. One would have been 
motivated to do so in order to be able to detect the latest viruses, which are constantly being created. 
Claims 8, 14 and 23: tCindberg et al. discloses a method, system and computer storage medium as in claims 1, 
9 and 16 above, but does not explicitly disclose periodically downloading the signature file in order to make its 
copy current. However, Cambridge discloses a similar method, system and computer storage medium and 
further discloses periodically downloading the signature filesfrecemog a new antivirus file at one of the user 
computers) in order to make its copy current [abstract]. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time of invention to periodically download the signature files. One would have 
been motivated to do so in order to be able to detect the latest viruses, which are constantly being created. 
12. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Kindberg et al. 
(2003/0061515) in view of El-Rafie (6,968,394). 

Claim 33: ICindberg et al. discloses the method of claim 1, and fiirther discloses logging user requests and in 
particular logging the user identity [page 4, paragraph 0056], but does not explicitly disclose that if the 
incoming message is determined to be malicious, identifying the first computer; and automatically blocking 
future messages received from the first client computer. 

However, El-Rafie discloses a similar method and fiirther discloses monitoring requests and 
identifying/blocking malicious users from fiiture requests(/e. determining rogue user terminals and blocking 
data fiow to the ofiendinglP address, etc.) [column 26, lines 10-61]. 
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Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to 
modify the method disclosed by Kindberg et al. with the features disclosed by El-Rafie in order to automatically 
provide a more selective access to resources within a network, as suggested by tCindberg et al. [page 1, 
paragraph 0012]. 

Response to Arguments 

13. Applicant's arguments with respect to claims 1,9, 16 and 34 have been considered but are moot in view 
of the new ground(s) of rejection. 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Staamann et al. (2003/0145094). 

Any inquiry concerning this communication or earlier communications from the examiner should be 
directed to EDWARD ZEE whose telephone nimiber is (571)270-1686. The examiner can normally be reached 
on Monday through Thursday 9:00AM-5 :00PM EST. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's supervisor, Kim Y. Vu 
can be reached on (571) 272-3859. The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published apphcations may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217- 
9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

EZ 

April 22, 2008 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



